e8323c0e6aa8c636d4a63c04860f6bd678869dc84f1653208e7a65ceb2b344ac

Sharing

Copy URL

Twitter E-mail

General

Target

e8323c0e6aa8c636d4a63c04860f6bd678869dc84f1653208e7a65ceb2b344ac
Size

1.8MB
MD5

5a7bf182ac8a0b87259fe7a52d12e554
SHA1

36b0000e21526f2276e5c4972bcf61486168c831
SHA256

e8323c0e6aa8c636d4a63c04860f6bd678869dc84f1653208e7a65ceb2b344ac
SHA512

45fdde902cef7324cb2ddbbb1ab37aa9a5df89ba57210f9e762c1c91ab84026582fc6d8a65251b587b658e2a73b95ee1037f9b6621bb4a0eeb23bbcb99bc5163
SSDEEP

24576:2T5Rvt2aRy3U2cJD1vOt6PQM9/giuAQRWhHRgXYRnr8TQdNcV9xsD1V:UkE3G4RMWBWoRr8Tn9xu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8323c0e6aa8c636d4a63c04860f6bd678869dc84f1653208e7a65ceb2b344ac

Files

e8323c0e6aa8c636d4a63c04860f6bd678869dc84f1653208e7a65ceb2b344ac
.dll windows:4 windows x86 arch:x86

2de98bc3f5074898f291440ef2277e24

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\apollo\dev\client\IIPS\Source\app\unity_plugin\IIPSMobilePlugin.pdb

Imports

kernel32

CreateFileMappingW
CreateFileW
WriteFile
MultiByteToWideChar
SetFilePointerEx
SetEndOfFile
DeviceIoControl
GetCurrentProcess
SetFileValidData
GetVersionExW
UnmapViewOfFile
SetFilePointer
GetFileSize
ReadFile
SleepEx
OpenProcess
LoadLibraryW
GetProcAddress
GetLocalTime
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcessId
DeleteFileW
GetModuleFileNameW
VirtualQuery
GetExitCodeThread
GetCurrentThreadId
CreateThread
WaitForSingleObject
GetCurrentThread
ExitThread
CreateEventW
WaitForMultipleObjects
SetEvent
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
CopyFileW
GetFileAttributesW
FlushFileBuffers
LockFileEx
CreateDirectoryW
UnlockFile
LockFile
UnlockFileEx
FormatMessageW
FormatMessageA
Sleep
ExpandEnvironmentStringsA
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
GetFileAttributesA
CreateDirectoryA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemInfo
FindFirstFileA
DeleteFileA
MoveFileA
GetSystemTimeAsFileTime
CreatePipe
CreateProcessA
DuplicateHandle
GetFullPathNameA
SetStdHandle
SetConsoleCtrlHandler
HeapReAlloc
InterlockedExchange
GetModuleHandleA
ExitProcess
GetFileInformationByHandle
PeekNamedPipe
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
RaiseException
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
HeapSize
GetCurrentDirectoryA
SetCurrentDirectoryA
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetExitCodeProcess
FreeLibrary
LoadLibraryA
GetTimeZoneInformation
GetLocaleInfoA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedCompareExchange
MapViewOfFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetLastError
GetLastError
GetDriveTypeA
OutputDebugStringA

advapi32

CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptHashData

shlwapi

StrTrimW

ws2_32

WSACleanup
setsockopt
WSAGetLastError
select
htonl
inet_addr
accept
ntohl
getnameinfo
WSAStartup
connect
listen
ioctlsocket
getsockopt
send
closesocket
__WSAFDIsSet
socket
bind
recv
gethostbyname
htons
sendto
getsockname
recvfrom
WSASetLastError
ntohs
WSAIoctl
getpeername
freeaddrinfo
getaddrinfo

Exports

Exports

CancelDownload
CancelUpdate
CheckAppUpdate
CreateDataManager
CreateDataMgr
CreateDownlaodMgrCallBack
CreateVersionInfoCallBack
CreateVersionManager
CreateVersionMgr
DataMgrPollCallback
DestroyDownlaodMgrCallBack
DestroyVersionInfoCallBack
DownloadIfsData
DownloadIfsPackage
DownloadLocalData
GetActionDownloadSpeed
GetCallBackGCHandle
GetCurDataVersion
GetDataDownloader
GetDataMgrMemorySize
GetDataQuery
GetDataReader
GetDownloadCallbackGCHandle
GetDownloadSpeed
GetDownloadTaskInfo
GetIFSDataResumeBrokenInfo
GetIFSPackageResumeBrokenInfo
GetIFileId
GetIFileName
GetIFileSize
GetIfsPackagesInfo
GetLastDataMgrError
GetLastDataQueryError
GetLastDownloaderError
GetLastReaderError
GetLocalDataResumeBrokenInfo
GetMemorySize
GetVersionMgrLastError
IIPSFindClose
IIPSFindFirstFile
IIPSFindNextFile
InitDataDownloader
InitDataManager
InitVersionMgr
IsIFileDir
IsIFileReady
PauseDownload
PoolVersionManager
Read
ReleaseDataManager
ReleaseDataMgr
ReleaseVersionManager
ReleaseVersionMgr
ResumeDonload
SetDownloadSpeed
SetNextStage
StartDownload
UnitDataManager
UnitVersionMgr
exit

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2de98bc3f5074898f291440ef2277e24

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 256KB - Virtual size: 252KB

.data Size: 24KB - Virtual size: 45KB

.reloc Size: 72KB - Virtual size: 69KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 256KB - Virtual size: 252KB

.data
Size: 24KB - Virtual size: 45KB

.reloc
Size: 72KB - Virtual size: 69KB